This phishing kit is punishing unaware shoppers this Black Friday

Cybersecurity researchers from Akamai have spotted a new phishing campaign that targets consumers in the United States with fake holiday o...

Cybersecurity researchers from Akamai have spotted a new phishing campaign that targets consumers in the United States with fake holiday offers. The goal of the campaign is to steal sensitive identity credentials like credit card information, and ultimately their money.

The threat actors are creating landing pages that impersonate some of the biggest brands in the US, including Dick’s, Tumi, Delta Airlines, Sam’s Club, Costco, and others.

The landing page, often hosted on reputable cloud services like Google, or Azure, directs users to complete a short survey, after which they’d be promised a prize. The survey would also be time-limited to five minutes, using urgency to draw people’s attention away from potential red flags. 

Unique phishing URLs

After completing the survey, the victims would be pronounced “winners”. The only thing they’d now need to do, in order to receive their prize, is to pay for the shipping. This is where they’d give away their sensitive payment information, to be later used by the attackers in different ways. 

However, what makes this campaign unique is its token-based system that allows it to fly under the radar and not get picked up by cybersecurity solutions. 

As the researchers explain, the system helps redirect each victim to a unique phishing page URL. The URLs differ based on the victim’s location, as crooks look to impersonate locally available brands. 

Explaining how the system works, the researchers said each phishing email contains a link to the landing page, that comes with an anchor (#). This is usually how visitors are navigated to specific parts of a landing page. In this scenario, the tag is a token, used by JavaSCript on the landing page, which reconstructs the URL. 

"The values being after the HTML anchor will not be considered as HTTP parameters and will not be sent to the server, yet this value will be accessible by JavaScript code running on the victim's browser," the researchers said. "In the context of a phishing scam, the value placed after the HTML anchor might be ignored or overlooked when scanned by security products that are verifying whether it is malicious or not."

"This value will also be missed if viewed by a traffic inspection tool."

Cybersecurity solutions overlook this token, helping threat actors keep a low profile. On the other hand, researchers, analysts, and other unwanted visitors, are kept away, as, without the proper token, the site won’t load. 

Via: BleepingComputer



from TechRadar - All the latest technology news https://ift.tt/ConLvXs
via IFTTT

COMMENTS

BLOGGER
Name

Apps,3858,Business,151,Camera,1155,Earn $$$,3,Gadgets,1741,Games,926,GTA,1,Innovations,3,Mobile,1697,Paid Promotions,5,Promotions,5,Sports,1,Technology,8106,Trailers,796,Travel,37,Trending,4,Trendly News,25335,TrendlyNews,188,Video,5,XIAOMI,13,YouTube - 9to5Google,187,
ltr
item
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews: This phishing kit is punishing unaware shoppers this Black Friday
This phishing kit is punishing unaware shoppers this Black Friday
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews
http://www.trendlynews.in/2022/11/this-phishing-kit-is-punishing-unaware.html
http://www.trendlynews.in/
http://www.trendlynews.in/
http://www.trendlynews.in/2022/11/this-phishing-kit-is-punishing-unaware.html
true
3372890392287038985
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share. STEP 2: Click the link you shared to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy